Merge pull request #1 from mitre/d3vco/relocate-payloads

Relocate payloads

README.md

@@ -10,28 +10,28 @@ Full IEC 61850 plugin [documentation](docs/iec61850.md) can be viewed as part of
 
 To run Caldera along with the IEC 61850 plugin:
 1. Download Caldera as detailed in the [Installation Guide](https://github.com/mitre/caldera)
-2. Install the iec61850 plugin in Caldera's plugin directory: `caldera/plugins`
-3. Enable the iec61850 plugin by adding `- iec61850` to the list of enabled plugins in `conf/local.yml` or `conf/default.yml` (if running Caldera in insecure mode)
+2. Copy this repository into Caldera's plugin directory: `caldera/plugins`. You can do this in (at least) two ways:
+    1. Download the source code from the __Releases__ section of this repository and extract the archive file into the `caldera/plugins` directory.
+    2. Use the command line to clone the repository. Navigate to the `caldera/plugins` directory and enter the following command:
+```
+git clone https://github.com/mitre/iec61850.git
+```
+3. Download the required compiled payload(s) from the [__Releases__](https://github.com/mitre/iec61850-payloads/releases) section of the `iec61850-payloads` repository. The downloadable payloads are available under the __Assets__ header of the latest release.
+4. Save the downloaded payload file(s) in the `caldera/plugins/iec61850/payloads` directory of your Caldera installation.
+5. Enable the iec61850 plugin. To do this, add `- iec61850` to the list of enabled plugins in either `conf/local.yml` or `conf/default.yml` (if running Caldera in insecure mode)
 
 ### Version
 This plugin has been tested with Caldera v4.2.0 (released 19 June 2023). This can be cloned using the following method:
 ```
 git clone https://github.com/mitre/caldera.git --recursive --branch 4.2.0
 ```
 
-### Tested OS Versions for Plugin Payload(s)
-
-Building of the IEC 61850 plugin payloads has been tested on multiple operating systems using CMake as described [here](src/README.md#reproducing-builds). See the corresponding plugin payload source code for further build information.
-
-Testing of the binaries has occurred on:
-* Microsoft Windows 10 v21H2
-* Ubuntu 22.04.3 LTS
-* macOS Ventura
-
 ### Plugin Payload Source Code
-For additional information on the IEC 61850 plugin payload source code, please see the `src/` directory, which contains additional licensing and build guidance.
-
-## Plugin Usage
- - Import the plugin, and optionally set up the required facts (i.e. like the fact sources provided). 
- - Start an operation, optionally using the fact source you set up. 
- - Use "Add Potential Link" to run a specific ability from this plugin. You can enter the fact values manually, or use the ones from your fact source. 
+For additional information on the IEC 61850 plugin payload source code, please see the [`iec61850-payloads`](https://github.com/mitre/iec61850-payloads) repository.
+
+## Usage
+1. Install and enable the plugin as described [above](#installation).
+2. Optionally, create a fact source to store attributes of the target system. An example is provided [here](./data/sources/48db3ad5-c003-40af-aaee-54f2377da2e5.yml).
+3. Start the Caldera server
+4. Create a new Operation, optionally using the fact source from step 2.
+5. Use "Add Potential Link" to run a specific ability from this plugin. Fact values can can be entered manually, or selected from a fact source.

docs/iec61850.md

@@ -2,7 +2,7 @@
 
 IEC 61850 Protocol Threat Emulation Tooling  
 
-v1.0.0 released 11 Jan 2024  
+v1.0.1 released 25 Mar 2024  
 Mapped to MITRE ATT&CK® for ICS [v14](https://attack.mitre.org/resources/updates/updates-october-2023/)
 
 ## Overview
@@ -110,7 +110,7 @@ This section describes the main components of the plugin and how they interface.
 The IEC 61850 plugin exposes several new protocol specific abilities to your Caldera instance. The abilities are executed from a host running a Caldera agent via the corresponding payload. Abilities must target devices that support IEC 61850 MMS communications to achieve described effects. By default the plugin will use __port 102__ for all communication.
 
 ### Payloads
-The IEC 61850 plugin includes one payload that implements the abilities, compiled for 3 different architectures.
+The IEC 61850 plugin utilizes one payload that implements the abilities. This payload has been compiled for 3 different architectures.
 * `iec61850_actions.exe`: Windows executable
 * `iec61850_actions`: Linux executable
 * `iec61850_actions_darwin`: macOS (ARM) executable